package com.tzb.shirospringbootjsp.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;


/**
 * @Description TODO
 * @Author tzb
 * @Date 2021/8/29 12:10
 * @Version 1.0
 **/
@Controller
@RequestMapping("/order")
public class OrderController {

    @RequestMapping("/save")
    @RequiresRoles("admin")//判断角色
    @RequiresPermissions("user:update:*")//用来判断权限字符串
    public String save() {
        //代码方法授权
        //获取主体对象
        Subject subject = SecurityUtils.getSubject();
        if (subject.hasRole("admin")) {
            System.out.println("保存订单");
        } else {
            System.out.println("无权访问");
        }
        return "redirect:/index.jsp";
    }

}
